Researcher Develops First Malware PoC for Firefox Mobile OS

A young security researcher has developed the first ever malware designed to target the recently released Firefox Mobile operating system and plans to unveil the proof-of-concept at the at the upcoming The Ground Zero (G0S) 2013 security summit in November.

Shantanu Gawde, a promising security researcher who is just 17-years-old, said the malware – which employs only TML, CSS, and JavaScript, can pilfer contact information, upload and download files onto the targeted device, access geolocation and SD card data, and more.

“The purpose of the PoC is of course to motivate developers to ensure better security on their platforms rather than providing inspiration to those with malicious intents,” said Gawde.

Firefox OS is application-based, and Gawde exploited vulnerabilities on the platform’s API in order to develop the malware. Mozilla has sought to downplay the vulnerability saying it is dependent on activation of the developer mode functionality.

“We are aware of plans to demonstrate a malware app able to perform malicious tasks on the Firefox OS phone. Such attacks usually rely on developer mode functionality, which is common to most Smartphones but disabled by default,” said a Mozilla spokesperson.

“In addition, we believe this demonstration requires the phone to be physically connected to a computer controlled by the attacker, and unlocked by the user.”